Orphaned pages

From Guidance Share

Showing below up to 100 results starting with #1.

  1. ASP.NET 2.0 Intranet - Windows Auth to AD Groups
  2. ASP.NET 2.0 Security FAQs
  3. ASP.NET 2.0 Security Questions and Answers - Authentication
  4. ASP.NET 2.0 Security Questions and Answers - Configuration
  5. ASP.NET 2.0 Security Questions and Answers - Impersonation / Delegation
  6. ASP.NET 2.0 Security Questions and Answers - Others
  7. About
  8. About This Site
  9. Application Architecture Guide - Cheat Sheet - patterns
  10. Assume all input is malicious.
  11. Audit and log access across application tiers.
  12. Avoid plain text passwords in configuration files
  13. Avoid storing secrets in the Local Security Authority (LSA).
  14. Avoid storing sensitive data in view state
  15. Back up and analyze log files regularly.
  16. Be able to disable accounts.
  17. Be careful with canonicalization issues.
  18. Catch exceptions.
  19. Centralize your approach.
  20. Connect using a least privileged account
  21. Connection string management
  22. Consider authorization granularity
  23. Consider authorization granularity.
  24. Consider identity flow.
  25. Consider the identity that is used for resource access
  26. Constrain, Then Sanitize
  27. Constrain, reject, and sanitize your input.
  28. Constrain input
  29. Create application specific event source
  30. Data privacy and integrity on the network
  31. Do not cache sensitive data
  32. Do not develop your own cryptography.
  33. Do not leak information to the client.
  34. Do not mix session tokens and authentication tokens
  35. Do not pass sensitive data from page to page
  36. Do not pass sensitive data using the HTTP-GET protocol.
  37. Do not rely on client-side state management options
  38. Do not rely on client-side validation.
  39. Do not send passwords over the wire in plaintext.
  40. Do not store database connections, passwords, or keys in plaintext.
  41. Do not store passwords in user stores.
  42. Do not store secrets if you can avoid it.
  43. Do not store secrets in code.
  44. Do not store sensitive data in persistent cookies.
  45. Do not trust HTTP header information.
  46. Does the code centralize its approach?
  47. Does the code use protection="All"
  48. Does the code use the right algorithm with an adequate key size?
  49. Encode Output
  50. Encrypt sensitive cookie state.
  51. Encrypt sensitive data if you need to store it
  52. Encrypt the contents of the authentication cookies.
  53. Encrypt the data or secure the communication channel.
  54. Engineering Practices Overview
  55. Ensure database connections are always closed
  56. Fail securely
  57. Firewall restrictions
  58. Guidance
  59. Guidance Overview
  60. How To: Delay Sign an Assembly in .NET 2.0
  61. How To: Perform a Security Code Review Review for Managed Code (Baseline Technique)
  62. How To: Use SecureString in .NET 2.0
  63. Impersonate original caller only when required
  64. Install URLScan on your Web server
  65. Keep unencrypted data close to the algorithm.
  66. Limit session lifetime.
  67. Log detailed error messages.
  68. Log key events.
  69. Login account configuration
  70. Logon auditing
  71. Maintain sensitive data on the server
  72. Maintain separate administration privileges.
  73. Make sure that users do not bypass your checks.
  74. News and Highlights
  75. Partition your Web site
  76. Personas at patterns & practices
  77. Place Web controls and user controls in separate assemblies
  78. Place resource access code in a separate assembly
  79. Protect authentication cookies.
  80. Protect credentials and authentication tickets
  81. Protect log files.
  82. Protect sensitive data in storage
  83. Protect sensitive data over the wire
  84. Protect session state from unauthorized access.
  85. Protect the credentials for SQL authentication
  86. Protect view state with MACs
  87. Protect your administration interfaces.
  88. Protect your configuration store.
  89. Protect your encryption keys.
  90. Require authentication for sensitive pages
  91. Require strong passwords.
  92. Resources Index
  93. Restrict the application in the database
  94. Restrict unauthorized callers
  95. Restrict unauthorized code
  96. Restrict user access to system-level resources.
  97. Retrieve sensitive data on demand.
  98. Sanitize Input
  99. Secure UDL files with restricted ACLs
  100. Secure restricted pages with SSL
